<?php 
// Page skeleton: load the user-admin skin and tag every template block with this page's id.
$tpl = new TemplatePower("skin/sk_user.htm");
$tpl->prepare();
$tpl->assignGlobal("par_page", "sr_user");
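// Dispatch on ?code=; no code at all (or '00') just shows the user list.
// The key is tested with isset() first so a request without ?code= raises no notice.
if (!isset($_GET['code']) || $_GET['code'] == '00' || !$_GET['code']) {
	showlist();
}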
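if (isset($_GET['code']) && $_GET['code'] == '01') // show post form
{
	// "Add user" form: one checkbox per active module, rendered into the "addnew" block.
	$sql = "select * from module where active=1 order by thu_tu desc,id_module desc";
	$a = $DB->query($sql);
	$module_rows = '';
	while ($b = mysql_fetch_array($a))
	{
		// NOTE(review): module names are spliced into HTML as stored; confirm they are
		// trusted (admin-entered) or HTML-encode them here.
		$module_rows .= "<li class='checkitem'><input type='checkbox' name='modules[]' class='noborder' value='" . $b['id_module'] . "'>&nbsp;&nbsp;" . $b['name'] . "</li>";
	}
	$tpl->newBlock("addnew");
	$tpl->assign("module_rows", $module_rows);
	showlist();
}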
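if (isset($_GET['code']) && $_GET['code'] == '02') // insert into database
{
	// Restrict the login name to a safe character set once, up front, and use
	// that value for both the duplicate check and the INSERT, so the row that
	// is looked up is the row that would be written (and the lookup cannot be
	// broken out of with quotes). The hyphen goes last in the class: "_-\s" is
	// read as a range by PCRE2 (PHP >= 7.3), which rejects the pattern and makes
	// preg_replace() return NULL, i.e. an empty username.
	$username = preg_replace("/[^a-zA-Z0-9_\s-]/", "", compile_post('username'));
	$sql = "SELECT * FROM users WHERE active=1 AND username='" . $username . "'";
	$db = $DB->query($sql);
	if (mysql_num_rows($db) <= 0) {
		$password = isset($_POST['password']) ? $_POST['password'] : '';
		$password2 = isset($_POST['password2']) ? $_POST['password2'] : '';
		// Strict comparison: with != two numeric-looking strings such as
		// "1e1" and "10" would count as the same password.
		if ($password !== $password2)
		{
			message("M&#7853;t kh&#7849;u kh&#244;ng tr&#249;ng nhau ! H&#227;y nh&#7853;p l&#7841;i th&#244;ng tin !");
		}
		else
		{
			$a = array(
				'name' => compile_post('name'),
			);
			$a['username'] = $username;
			// NOTE(review): unsalted md5 is not a password hash. The login code that
			// verifies it lives outside this file, so moving to password_hash() /
			// password_verify() has to be done on both sides at once.
			$a['password'] = md5(compile_post('password'));
			$a['email'] = compile_post('email');
			$a['telephone'] = compile_post('telephone');
			$a['active'] = intval(compile_post('active'));
			// Cast like 'active': super is an int flag that the edit form tests with == 1.
			$a['super'] = intval(compile_post('super'));

			$b = $DB->compile_db_insert_string($a);
			$sql = "INSERT INTO users (" . $b['FIELD_NAMES'] . ") VALUES (" . $b['FIELD_VALUES'] . ")";
			$DB->query($sql);
			$idinsert = mysql_insert_id();
			if ($idinsert)
			{
				// Missing or non-array modules[] means "no modules"; count() on null
				// warns on PHP >= 7.2 and throws on PHP 8.
				$posted = (isset($_POST['modules']) && is_array($_POST['modules'])) ? $_POST['modules'] : array();
				$a = array('id_user' => $idinsert);
				foreach ($posted as $id_module)
				{
					// Module ids are integers; anything else is dropped rather than
					// spliced into the INSERT.
					$id_module = intval($id_module);
					if ($id_module <= 0)
						continue;
					$a['id_module'] = $id_module;
					$b = $DB->compile_db_insert_string($a);
					$sql = "INSERT INTO user_module (" . $b['FIELD_NAMES'] . ") VALUES (" . $b['FIELD_VALUES'] . ")";
					$DB->query($sql);
				}
			}
			message("&#272;&#227; th&#234;m m&#7899;i th&#224;nh c&#244;ng !");
		}
	} else {
		message("Mã đăng nhập này đã tồn tại trong hệ thống, Bạn hãy chọn mã đăng nhập khác !");
		// Login name taken: re-show the form with the submitted values so only
		// the login name has to be changed.
		$sql = "select * from module where active=1 order by thu_tu desc,id_module desc";
		$a = $DB->query($sql);
		$module_rows = '';
		while ($b = mysql_fetch_array($a))
		{
			$module_rows .= "<li class='checkitem'><input type='checkbox' name='modules[]' class='noborder' value='" . $b['id_module'] . "'>&nbsp;&nbsp;" . $b['name'] . "</li>";
		}
		$tpl->newBlock("addnew");
		// NOTE(review): these go back into form attributes verbatim; if compile_post()
		// does not HTML-encode on input they need htmlspecialchars() here.
		$tpl->assign("name", compile_post('name'));
		$tpl->assign("username", compile_post('username'));
		$tpl->assign("email", compile_post('email'));
		$tpl->assign("telephone", compile_post('telephone'));
		$tpl->assign("module_rows", $module_rows);
	}

	showlist();
}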

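if (isset($_GET['code']) && $_GET['code'] == '03') // show update form
{
	// Edit form for one user: the row's fields plus a checkbox per active
	// module, pre-checked for the modules the user already has.
	$id = isset($_GET['id']) ? intval($_GET['id']) : 0;
	if ($id)
	{
		$sql = "Select * from users where id_users=" . $id;
		$a = $DB->query($sql);
		$tpl->newBlock("update");
		if ($b = mysql_fetch_array($a))
		{
			// NOTE(review): the values below go into form attributes verbatim; if
			// compile_post() does not HTML-encode on input, htmlspecialchars() them here.
			$tpl->assign("id", $id);
			$tpl->assign("name", $b['name']);
			$tpl->assign("username", $b['username']);
			$tpl->assign("thu_tu", $b['thu_tu']);
			$tpl->assign("active", $b['active'] ? "checked" : "");
			$tpl->assign("super", $b['super'] == 1 ? "checked='checked'" : "");
			$tpl->assign("email", $b["email"]);
			$tpl->assign("telephone", $b["telephone"]);

			// Ids of the modules already granted to this user.
			$modules = array();
			$sql = "select * from user_module where id_user=" . $id;
			$x = $DB->query($sql);
			while ($y = mysql_fetch_array($x))
			{
				$modules[] = $y['id_module'];
			}

			// One checkbox per active module. The placeholder is assigned once,
			// after the loop, so it is also set (to '') when there are no modules;
			// the original assigned inside the loop and left it unset otherwise.
			$module_rows = '';
			$sql = "select * from module where active=1 order by thu_tu asc,id_module desc";
			$x = $DB->query($sql);
			while ($y = mysql_fetch_array($x))
			{
				$module_rows .= "<input type='checkbox' name='modules[]' class='noborder' value='" . $y['id_module'] . "'";
				if (in_array($y['id_module'], $modules))
					$module_rows .= " checked ";
				$module_rows .= ">&nbsp;&nbsp;" . $y['name'] . "<br>";
			}
			$tpl->assign("module_rows", $module_rows);
		}
	}
	showlist();
}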

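if (isset($_GET['code']) && $_GET['code'] == '04') // save update form
{
	$id = isset($_GET['id']) ? intval($_GET['id']) : 0;
	if ($id)
	{
		$a = array(
			'name' => compile_post('name'),
		);
		$a['email'] = compile_post('email');
		$a['telephone'] = compile_post('telephone');
		$a['active'] = intval(compile_post('active'));
		// Cast like 'active': super is an int flag that the edit form tests with == 1.
		$a['super'] = intval(compile_post('super'));

		$b = $DB->compile_db_update_string($a);
		$sql = "UPDATE users SET " . $b . " WHERE id_users=" . $id;
		$DB->query($sql);

		// Reconcile user_module with the submitted checkbox list: insert what is
		// new, delete what was unchecked, leave the rest untouched.
		$existing = array();
		$sql = "select * from user_module where id_user=" . $id;
		$x = $DB->query($sql);
		while ($y = mysql_fetch_array($x))
		{
			$existing[] = intval($y['id_module']);
		}

		// Missing or non-array modules[] means "no modules" (count() on null warns
		// on PHP >= 7.2 and throws on PHP 8). Module ids are integers; anything
		// else is dropped rather than spliced into SQL.
		$posted = (isset($_POST['modules']) && is_array($_POST['modules'])) ? $_POST['modules'] : array();
		$wanted = array();
		foreach ($posted as $id_module)
		{
			$id_module = intval($id_module);
			if ($id_module > 0)
				$wanted[] = $id_module;
		}
		$wanted = array_unique($wanted);

		$a = array('id_user' => $id);
		foreach (array_diff($wanted, $existing) as $id_module)
		{
			$a['id_module'] = $id_module;
			$b = $DB->compile_db_insert_string($a);
			$sql = "INSERT INTO user_module (" . $b['FIELD_NAMES'] . ") VALUES (" . $b['FIELD_VALUES'] . ")";
			$DB->query($sql);
		}
		foreach (array_diff($existing, $wanted) as $id_module)
		{
			$sql = "delete from user_module where id_user=" . $id . " and id_module=" . $id_module;
			$DB->query($sql);
		}
		message("&#272;&#227; s&#7917;a ch&#7919;a th&#224;nh c&#244;ng !");
	}
	showlist();
}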

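if (isset($_GET['code']) && $_GET['code'] == '05') // delete one user
{
	$id = isset($_GET['id']) ? intval($_GET['id']) : 0;
	if ($id)
	{
		// "Never remove the last super admin" must look at the user being deleted:
		// an ordinary user can always go, a super admin only while another super
		// admin remains. The original compared the global super count alone, so
		// it also refused to delete ordinary users whenever exactly one super
		// admin existed.
		$row = mysql_fetch_array($DB->query("SELECT super FROM users WHERE id_users=" . $id));
		$is_super = $row && $row['super'];
		$sql1 = "SELECT id_users FROM users WHERE super=1 AND id_users<>" . $id;
		$db = $DB->query($sql1);
		if (!$is_super || mysql_num_rows($db) > 0) {
			$sql = "Delete from user_module where id_user=" . $id;
			$DB->query($sql);
			$sql = "Delete from users where id_users=" . $id;
			$DB->query($sql);
			message("&#272;&#227; x&#243;a th&#224;nh c&#244;ng !");
		} else {
			message("Bạn không thể xóa hết super admin!");
		}
	}
	showlist();
}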

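if (isset($_GET['code']) && $_GET['code'] == '06') // bulk save of the active flags
{
	$sql = "Select * from users order by name asc";
	$c = $DB->query($sql);
	while ($d = mysql_fetch_array($c))
	{
		// An unchecked box posts nothing; intval() turns that into 0 so it
		// compares equal to a stored 0 and no needless UPDATE is issued.
		$active = intval(compile_post('active_' . $d['id_users']));
		if ($active != $d['active'])
		{
			$b = $DB->compile_db_update_string(array('active' => $active));
			$sql = "UPDATE users SET " . $b . " WHERE id_users=" . $d['id_users'];
			$DB->query($sql);
		}
	}
	message("L&#432;u th&#224;nh c&#244;ng !");
	showlist();
}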

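if (isset($_GET['code']) && $_GET['code'] == '07') // bulk delete
{
	// Only integer ids reach the IN (...) list; the posted values were
	// previously concatenated unfiltered (and the "if($id_items);" guard was an
	// empty statement, so a missing field also produced a foreach warning).
	$ids = array();
	if (isset($_POST['delallitem']) && is_array($_POST['delallitem']))
	{
		foreach ($_POST['delallitem'] as $idit)
		{
			$idit = intval($idit);
			if ($idit > 0)
				$ids[] = $idit;
		}
	}
	if (count($ids) > 0)
	{
		$list_id = implode(',', $ids);
		// Same rule as the single delete (code 05): refuse when the selection
		// contains a super admin and no super admin would be left.
		$removed = mysql_num_rows($DB->query("SELECT id_users FROM users WHERE super=1 AND id_users IN (" . $list_id . ")"));
		$remaining = mysql_num_rows($DB->query("SELECT id_users FROM users WHERE super=1 AND id_users NOT IN (" . $list_id . ")"));
		if ($removed > 0 && $remaining == 0)
		{
			message("Bạn không thể xóa hết super admin!");
		}
		else
		{
			$sql1 = "SELECT * FROM users WHERE id_users IN (" . $list_id . ")";
			$db1 = $DB->query($sql1);
			while ($rs1 = mysql_fetch_array($db1)) {
				// NOTE(review): reads image columns of users rows; confirm the table has them.
				deleteimage($rs1['image'], $rs1['normal_image'], $rs1['small_image']);
			}
			// Drop the module grants as well, as the single delete does, so no orphan rows remain.
			$DB->query("DELETE FROM user_module WHERE id_user IN (" . $list_id . ")");
			$sql = "DELETE FROM users WHERE id_users IN (" . $list_id . ")";
			$db = $DB->query($sql);
			if ($db) message("Đã xóa xong !");
			else message("Lỗi không xóa được !");
		}
	}

	showlist();
}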


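/**
 * Render the user table into the template: one "list" block per row, with the
 * module column holding either the "Super Admin" badge or the names of the
 * user's active modules. Uses the page-level $DB and $tpl.
 */
function showlist()
{
	global $DB, $tpl;
	$sql = "Select * from users order by id_users desc";
	$a = $DB->query($sql);
	$tpl->newBlock("show_list");
	while ($b = mysql_fetch_array($a))
	{
		$tpl->newBlock("list");
		// NOTE(review): name/email/telephone are placed in the template verbatim; if
		// compile_post() does not HTML-encode on input, escape them here.
		$tpl->assign("id_users", $b['id_users']);
		$tpl->assign("thu_tu", $b['thu_tu']);
		$tpl->assign("active", $b['active'] ? "checked" : "");
		$tpl->assign("name", $b['name']);
		$tpl->assign("id", $b['id_users']);
		$tpl->assign("username", $b['username']);
		$tpl->assign("email", $b['email']);
		$tpl->assign("telephone", $b['telephone']);
		if ($b['super'])
		{
			$tpl->assign("module", "<font color='#ff0000'><b><center>Super Admin</center></b></font>");
			continue;
		}
		$modules = "";
		$sql = "select m.name as module_name from user_module as um inner join module as m on (um.id_module=m.id_module) where um.id_user=" . intval($b['id_users']) . " AND m.active=1";
		$x = $DB->query($sql);
		while ($y = mysql_fetch_array($x))
		{
			$modules .= "&nbsp;-&nbsp;" . $y['module_name'] . "<br>";
		}
		$tpl->assign("module", $modules);
	}
}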
// Flush the assembled template to the response.
$tpl->printToScreen();
?>